
Microsoft Warns of Critical Bugs Being Exploited in the Wild
On Tuesday, Microsoft released patches addressing 59 security vulnerabilities, including two critical zero-days (CVE-2023-36033 and CVE-2023-36036) that are actively exploited in the wild and can grant SYSTEM privileges. Details of the live attacks were not disclosed.
The Patch Tuesday rollout also fixed a known WebP flaw in Microsoft Edge, remote code execution issues in the Windows cURL implementation, and security feature bypass problems in the Windows SmartScreen tool. Notably, a high-priority deployment patch addressed a severe flaw (CVE-2023-36397) in Windows Pragmatic General Multicast (PGM).
Additionally, Adobe released patches for 72 security bugs, highlighting critical code-execution defects in Acrobat and Reader, affecting unpatched Windows and macOS systems. Critical ColdFusion flaws were also addressed in versions 2023 and 2021, posing risks of arbitrary code execution and security feature bypass.
Analysis from our SOC team
Although Microsoft has not disclosed specific details about the nature and extent of the exploit, they have provided security patches to mitigate the vulnerabilities detected. As for Adobe, they have not mentioned any active exploitation, but the patches also address critical vulnerabilities.
Companies are advised to apply the updates published by Microsoft and Adobe immediately.
The Approach SOC team remains available to help you implement vulnerability management and best practices.
Other news
SAP has released three new and three updated security notes as part of its November 2023 Security Patch Day. The most critical note addresses CVE-2023-31403, a vulnerability in the Business One enterprise resource planning application, with a CVSS score of 9.6. This bug involves improper access control allowing anonymous users read and write access to the SMB shared folder, affecting various components.
The other two new security notes address medium-severity information disclosure issues in NetWeaver Application Server ABAP and ABAP Platform, as well as NetWeaver AS Java Logon. Among the updated notes, the most crucial addresses a critical-severity missing authorization check flaw in CommonCryptoLib, impacting multiple SAP products.
Although initially patched in September 2023, the security note has been updated with minor changes. The remaining two updated notes cover medium-severity vulnerabilities in NetWeaver AS Java and multiple Sybase products.
Analysis from our SOC team
While there is no mention of active exploitation, SAP recommends that customers apply the patches promptly to mitigate potential risks.
A hotfix is provided for Business One version 10.0 SP 2308, and users on lower support package levels are advised to update and apply the fix.
If you require assistance with your vulnerability management, do not hesitate to contact our SOC.
In November 2023, Siemens and Schneider Electric issued Patch Tuesday advisories addressing approximately 90 vulnerabilities in their products.
Siemens released 14 advisories highlighting over 80 vulnerabilities, including critical ones in Simatic MV500 optical readers, Sinec PNI device initialization, Siprotec protection devices, Scalance routers, and Desigo CC building management system.
High-severity vulnerabilities were identified in various products, such as Scalance communication devices, Nozomi Networks security software used in Ruggedcom devices, Simatic PCS Neo DCS, Simcenter Femap simulation application, Tecnomatix Plant Simulation software, Mendix Studio Pro development platform, and Siemens OPC UA Modeling Editor. Exploiting these vulnerabilities could lead to arbitrary code execution, DoS attacks, information exposure, and privilege escalation.
Schneider Electric’s advisories include patches for five vulnerabilities. In EcoStruxure Power products, a high-severity flaw allows for user redirection to an arbitrary domain, and a medium-severity vulnerability enables arbitrary JavaScript execution through XSS attacks. PowerLogic products were patched for a high-severity issue allowing the upload of malicious firmware and a medium-severity bug that, with elevated privileges, could compromise the user’s browser. A medium-severity flaw in Galaxy UPS devices was also addressed, preventing file system enumeration and unauthorized file downloads.
Analysis from our SOC team
Siemens has released or plans to release patches for many of these vulnerabilities, but some products will remain unpatched.
Effective vulnerability management is crucial in safeguarding your industrial systems. While some products may not receive fixes, prioritizing the implementation of available patches remains a critical step in mitigating potential risks to your industrial infrastructure.
If you require assistance with your vulnerability management, do not hesitate to contact our SOC.
GitGuardian, in collaboration with security researcher Tom Forbes, has uncovered a concerning trend in PyPI packages. An analysis revealed nearly 4,000 hardcoded credentials across almost 3,000 packages, with over 760 of them confirmed as valid. These secrets include keys for Azure, AWS, GitHub, MongoDB, MySQL, PostgreSQL, and more.
Valid credentials pose an immediate threat, and GitGuardian emphasizes the ongoing risk, even after validating less than 800 credentials. The number of leaked secrets is rising, with over 1,000 added in the past year alone. Alarming is the fact that a single leaked secret often appears in multiple releases, totaling 56,866 occurrences across PyPI. Leaked secrets are commonly found in .py files, configuration/documentation files (.json, .yml), ‘readme’ files, and even in test folders.
Preventing secrets exposure is crucial, as it poses risks to developers and users, enabling unauthorized access, impersonation, and potential manipulation through social engineering tactics.
Stay vigilant, Python developers, and prioritize secure coding practices to safeguard your projects and user data.
Analysis from our SOC team
To safeguard your PyPI packages from secret leaks:
Avoid Unencrypted Credentials:
– Never add plaintext secrets to your code.
– Use tools like python-dotenv or Cloud Secrets Managers for secure secret management.
Scan Before Release:
– Employ automated scanning tools like ggshield to identify secrets before sharing code.
Keep Secrets Local:
– Detect and prevent leaks at the local level using pre-commit and pre-push git hooks.
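To illustrate the "scan before release" and "keep secrets local" steps above, here is a minimal secret scanner that can be wired into a pre-commit or pre-push hook. It is an added example, not GitGuardian's ggshield or any other project's code; the detection rules, the constructed sample package, and the `load_secret` helper are assumptions made for the demonstration, and the AWS key in the sample is the placeholder value used in AWS documentation, not a live credential.

```python
"""
Minimal pre-release secret scanner (example code, not a real product).
Walks a package tree, flags lines that look like hardcoded credentials in
the file types where leaks are most often found (.py, .json, .yml, readme
and test files), and shows the environment-based alternative for loading
secrets that python-dotenv and secrets managers populate.
"""
import os
import re
import tempfile
from pathlib import Path

# A few well-known credential shapes plus a generic assignment rule.
# Real scanners ship far larger rule sets and validate hits against the
# provider; these three rules are illustrative assumptions only.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "generic_assignment": re.compile(
        r"(?i)\b(password|secret|api_key|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}

# File types in which the PyPI study found leaked secrets most often.
SCAN_SUFFIXES = {".py", ".json", ".yml", ".yaml", ".md", ".txt", ".cfg", ".ini"}


def scan_text(text, source="<memory>"):
    """Return a list of (source, line_no, rule) for every suspected secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((source, line_no, rule))
    return findings


def scan_package(root):
    """Scan every candidate file under root, test and doc folders included."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SCAN_SUFFIXES:
            try:
                text = path.read_text(encoding="utf-8", errors="ignore")
            except OSError:
                continue
            findings.extend(scan_text(text, str(path.relative_to(root))))
    return findings


def load_secret(name, environ=None):
    """Read a secret from the environment instead of from source code."""
    env = os.environ if environ is None else environ
    value = env.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start without it")
    return value


def build_demo_package():
    """Create a throwaway package with constructed leaks; returns its root."""
    root = Path(tempfile.mkdtemp(prefix="pypi_demo_"))
    (root / "pkg").mkdir()
    (root / "tests").mkdir()
    # Constructed leak in a source file (AWS documentation placeholder key).
    (root / "pkg" / "client.py").write_text(
        'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n'
        "def connect():\n    return AWS_KEY\n"
    )
    # Constructed leak in a test fixture, one of the places the study flags.
    (root / "tests" / "fixtures.yml").write_text(
        "db:\n  password: 'hunter2hunter2'\n"
    )
    # Clean file: the secret comes from the environment, so nothing to flag.
    (root / "pkg" / "settings.py").write_text(
        "import os\nDB_PASSWORD = os.environ.get('DB_PASSWORD')\n"
    )
    return root


if __name__ == "__main__":
    demo_root = build_demo_package()
    results = scan_package(demo_root)
    for source, line_no, rule in results:
        print(f"{source}:{line_no}: possible {rule}")
    # Non-zero exit lets a pre-commit/pre-push hook block the commit or push.
    raise SystemExit(1 if results else 0)
```

Run as a hook, the script exits non-zero whenever a finding exists, which is what stops the leak before it reaches a release; the clean `settings.py` shows the pattern the scanner is meant to encourage, with the value supplied at runtime rather than committed.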
The Centre for Cybersecurity Belgium has launched a new initiative, Safeonweb @ work, aimed at enhancing the cyber resilience of Belgian companies and organizations. Complementing the existing Safeonweb initiative, this project provides advice, recommendations, and tools to help identify and mitigate vulnerabilities in systems, ensuring organizations stay alert to cyber threats.
The initiative is supported by a communication campaign that commenced on November 14, 2023, emphasizing the importance of cybersecurity among the target audience.
Organizations can register on the platform to access services like Cyber Threat Alerts, CyberFundamentals Framework, policy templates, and a self-assessment tool to measure and improve their cybersecurity maturity level. The initiative is a response to the growing importance of cybersecurity, as highlighted by statistics showing that 23% of companies in Belgium have experienced IT security incidents.
Analysis from our SOC team
If you’re a Belgian company or have an office in Belgium, we suggest you register on the Safeonweb@work service (https://atwork.safeonweb.be/) of the Centre for Cybersecurity Belgium to access these valuable cybersecurity resources.
This enables Safeonweb to enhance the speed and effectiveness of informing you, and facilitates reaching out to the appropriate individuals in your organization in case they have information about any issues with your infrastructure or other critical communications.